Skip to content


SAFE People

ID Description Requirement Type Role
PEOPLE-01 Individuals MUST be able to supply user identification information to the data custodian to verify identity Functional RE, TA, DC
PEOPLE-02 Individuals or Organisations must be able to supply their Accredited / Approved / Bonafide researcher status or equivalent to the data custodian to verify their status Functional RE, TA*, DC
PEOPLE-03 Individuals are afforded opportunities to undertake and renew their Information Governance Training in support of their Accreditation status Non-Functional RE, TA, DC
PEOPLE-04 Organisations must be able to provide information on appropriate governance and administrative arrangements, security and privacy arrangements and technical skills and capabilities to protect, manage and use data Functional PO
PEOPLE-05 Individuals must be able to use their existing identities from their affiliated organisations to authenticate using 2FA and use services from data custodians, which offers a level of organisation control of individual access to data Functional RE, TA
PEOPLE-06 TRE providers must be able to apply authorisation policies to enable access to services and share authorisation decisions to enable system-wide intelligence of an individual’s access rights Functional TA
PEOPLE-07 TRE providers should maintain and record of all user access performed by Individuals for audit purposes Non-Functional TA
PEOPLE-08 TRE Providers should be able disbar users in breach of service with an appeals process Non-Functional TA

SAFE Project

ID Description Requirement Type Role
PROJECT-01 Individuals and organisation must be able to provide detailed project descriptions including project methodology, funder/sponsor information, ethics approvals and time period of access Functional RE, DC
PROJECT-02 Data Custodians must provide detailed guidance of the data access request process, including time frames, requirements and decision making process Non-Functional DC
PROJECT-03 Data Custodians must provide the ability for Individuals and organisations to submit and process enquiries of the data prior to submission of a formal access request Functional DC
PROJECT-04 Data Custodians must provide a proportionate data access request form to collect all relevant information about the individual/organisation’s project Functional DC
PROJECT-05 Data Custodians must inform and update individuals on the status & processing times of their application and allow for individual appeals process Functional DC
PROJECT-06 Data Custodians must demonstrate meaningful involvement of patient and public / lay representatives in the data access decision making process. Non-Functional DC
PROJECT-07 TRE providers must allow individuals to specify software, research code, reference data, configurations to be deployed with their SAFE Setting which may be subject to a review process before deployment Functional DC, TA
PROJECT-08 TRE provider must make every attempt to support the ongoing collaboration between project members, including provide collaboration software – Git, Shared docs Functional TA, SI
PROJECT-09 Data Custodian must maintain a public Data Use Register that is updated in ‘real time’ with approved projects Functional DC


ID Description Requirement Type Role
DATA-01 Data Custodians must provide descriptive, semantic and technical metadata about their datasets publicly available in human and machine readable form Functional DC
DATA-02 Data Custodians must provision data using a standardised format supporting well-known data standards, e.g. See HDR UK Data Standards Green Paper Functional DC
DATA-03 Data custodians must provide a lay summary of how they manage direct identifiers within their source data assets prior to onboarding into the TRE. Non-Functional DC
DATA-04 TRE Providers should provide data linkage services to allow users to request linkage of datasets with data held internally or externally to the TRE provider Non-Functional TA, DC
DATA-05 TRE providers should implement appropriate data minimisation proportionate to sensitivity and the approved use of the data Non-Functional TA
DATA-06 TRE providers must encrypt their data at rest and in transit with client-held keys with an auditable access log Non-Functional TA
DATA-07 TRE providers should be able to provision minimised data into project specific workspaces that maintain the integrity of the provisioned data and ensure multi-tenant security and privacy Functional DE
DATA-08 TRE provider should provide mechanisms and process for researchers to request ingress of external (additional) data to be used by researchers as part of their research Functional DE

SAFE Setting

ID Description Requirement Type Role
SETTING-01 TRE providers must implement processes and systems that hold and managed data securely, encrypted at rest with client-held encryption keys Non-Functional TA
SETTING-02 TRE providers must implement mechanisms to provision a minimised dataset bespoke to the individuals request encrypted with a separate key accessible by the project individuals Functional DE
SETTING-03 TRE providers must provide ingress and egress (where allowed) to transfer data and code securely between SAFE Settings Functional DE
SETTING-04 TRE providers must provide a secure environment to allow individuals to perform their analysis using tools supplied by the TRE provider and/or tools requested to be deployed by the individual Functional TA
SETTING-05 TRE providers must provide services that allow individuals to remotely execute analysis workflows using TRE supplied tools or research software with minimal hands-on access to the data Functional TA
SETTING-06 TRE Providers must publish their security design and implementation reports for review Non-Functional SO
SETTING-07 TRE providers must provide assurance statements that ensure their processes and systems are conformant to secure data processing standards – ISO 27001, IGToolkit/DSPT, ONS/UKSA Accredited Processor Non-Functional SO

SAFE Outputs

ID Description Requirement Type Roles
OUTPUT-01 Individual MUST be able to apply for a data or code release from a TRE including information on dissemination channels Functional RE, DE
OUTPUT-02 TRE providers must implement repeatable and timely processes and systems to assess and decide on the data release applications in a consistent manner, including decision provenance & appeals process and support to individuals to undertake output checking themselves with supervision. Non-Functional DE
OUTPUT-03 TRE providers must provide open and clear documentation of the statistical disclosure control policies including the assessment criteria Functional DE
OUTPUT-04 TRE Providers must provide automated solutions (Airlock), where possible, to assess and decide data release applications and where possible coordinate the transfer of output data to a location specified by the individual Functional DE
OUTPUT-05 TRE Airlock managers should aim to harmonise and coordinate output checking and data release management processes with other TRE Airlock managers Non-Functional DE
OUTPUT-06 TRE providers and Individuals must ensure appropriate training is afforded to staff and individuals to ensure individuals are able to produce outputs that require minimal effort to check Non-Functional TA
OUTPUT-07 TRE Providers must provide a mechanisms to archive an entire project workspace for a determined duration Functional TA, DE